Summary of ThreatWire Video
The video discusses recent cybersecurity threats and updates, including a newly patched zero-day vulnerability in the Chromium browser, malicious npm packages targeting Roblox developers, and changes to the Offensive Security Certified Professional certification.
Key Points
- A new Chromium zero-day vulnerability (CVE-2024-7971) was patched on August 21, 2024, identified as a type confusion issue in the V8 JavaScript engine.
- The exploitation of this vulnerability is attributed to a North Korean threat actor known as Citrine Sleet, targeting cryptocurrency communities.
- Exploits included remote code execution leading to a sandbox escape and deployment of a FUD rootkit to evade detection.
- Microsoft has released updates for both the zero-day and a Windows kernel vulnerability (CVE-2024-38106).
- The Offensive Security Certified Professional (OSP) certification will introduce a “Plus” modifier effective November 1, 2024, to indicate recency and will expire after three years.
- Malicious npm packages have been discovered targeting Roblox developers through techniques like typo-squatting and brand jacking, compromising systems and stealing credentials.
- Roblox, with its large active user base, remains an attractive target for such malicious activities.
Youtube Video: https://www.youtube.com/watch?v=6SAxzHCBOQ8
Youtube Channel: Hak5
Video Published: 2024-09-04T16:00:04+00:00